Security Strategy From Requirements to Reality, 1st Edition, by Bill Stackpole and Eric Oksendahl
Product details:
ISBN 10: 1439827338
ISBN 13: 9781439827338
Author: Bill Stackpole, Eric Oksendahl
Security Strategy From Requirements to Reality, 1st Edition: Table of Contents
Section I Strategy
1 Strategy: An Introduction
Strategic Planning Essentials
Strategic Planning Process Evaluation
Security Leadership Challenges
Getting Started
Value Proposition
Other Challenges for Security and Strategic Planning
When Strategic Planning Should Be Conducted
Metaphor Analysis and Strategic Planning
Strategic Planning as a Process
Requirements for Successful Strategic Plans
Creating a Security Culture
Security Continuum (Moving toward a Security Culture)
Conclusion
2 Getting to the Big Picture
Background (Why Should Security Bother with Strategic Planning?)
Menu of Strategic Planning Methods and Models
Which Strategic Planning Tools?
What Are Security Plan Essentials? (Analysis, Planning, and Implementation)
Learn the Big Picture of the Extended Enterprise
Include a High-Level Risk Assessment as Input
Link Your Strategic Plan to the Organization Strategic Plan
Develop Flexibility and Fluidity in Your Department
When Should Strategic Planning Be Done?
Six Keys to Successful Strategic Planning
Simplicity
Passion (Emotional Energy) and Speed of Planning and Adapting
Connection to Core Values
Core Competencies
Communication
Implementation
Myths about Strategic Planning
Barriers to Strategic Planning
Pushing through to the Next Level of Strategic Breakthrough (Inside/Outside Organizational Input/Output)
Going Slow to Go Faster, or Don’t Just Do Something, Sit There (Honing Organizational Strategic Planning Skills)
Think Ahead, Act Now
Strategic Business Principles and Workplace Politics
Looking for Niches, Voids, Under-Your-Nose Advantages
Overcoming Negative Perceptions of Security
Averse to Outsourcing
Reluctant to Change Quickly
Stovepiped Organization Out of Touch with Business Realities
Always Looking for the Next Magic Technology Bullet
Promises, Promises You Can’t Keep
Developing Strategic Thinking Skills
Create Time for Thinking
Scan
Inquire
Focus Long Distance/Practice Short Distance
Anticipate
Communicate
Evaluate
Practice Flexibility
Conclusion
3 Testing the Consumer
Introduction
Defining the Consumer Buckets
What Historic Issues Are We Trying to Resolve or Avoid?
What Are the Challenges?
Customer Relationship Management (CRM)
Customer Value Management (CVM)
When Should You Collect Consumer Data?
Quick Customer Assessment
Managing Key Internal Relationships
Conducting Face-to-Face Interviews
Guidelines for How to Solicit Feedback
Designing Customer Feedback Surveys
Online Survey Guidelines
Focus Group Guidelines
Deploying a Survey
Measuring Customer Satisfaction Results
Integration of Consumer Data
Conclusion
4 Strategic Framework (Inputs to Strategic Planning)
Introduction
Environmental Scan
Regulations and Legal Environment
Industry Standards
Marketplace–Customer Base
Organizational Culture
National and International Requirements (Political and Economic)
Competitive Intelligence
Business Intelligence
Technical Environment and Culture
Business Drivers
Business Drivers for the Enterprise
Additional Environmental Scan Resources
Scenario Planning
Futurist Consultant Services
Blue Ocean Strategy versus Red Ocean Strategy
Future (the Need to Be Forward Looking)
Conclusion
5 Developing a Strategic Planning Process
Roles and Responsibilities
Process and Procedures
Get Ready to Plan for a Plan
Planning, Preparation, and Facilitation
Building a Foundation for Strategy (High, Wide, and Deep)
In the Beginning
Vision, Mission, and Strategic Initiatives
Vision Statement
Mission Statement
Strategic Initiatives
Analysis
Strategy Formation (Goals, Measurable Objectives)
Implementation (a Bias toward Action and Learning)
Keys to Success for the Implementation Stage of Strategic Planning
Feedback, Tracking, and Control
Completion
Best Strategies (Strategies That Work)
Conclusion
6 Gates, Geeks, and Guards (Security Convergence)
Introduction
Terms and Definitions
Benefits of Security Convergence
Cost Savings
Improved Security and Risk Management
More Effective Event/Incident Management
User Experience
Regulatory Compliance
Improved Business Continuity Planning
Other Improvements
Convergence Challenges
Success Factors
Conclusion
Section II Tactics
7 Tactics: An Introduction
Tactical Framework
Facilities—Physical Attack Scenarios
IT Systems—Logical Attack Scenarios
Objectives Identification
First Principles
Observation Principle
Response Principle
Timeliness Principle
Preparedness Principle
Economy Principle
Maintenance of Reserves (Coverage) Principle
Redundancy Principle
Least Privilege Principle
Commonality Principle
Conclusion
8 Layer upon Layer (Defense in Depth)
Introduction
Defense-in-Depth Objectives Identification
Information Environments
Threats
Environmental Objectives
In-House Objectives
Limited and Controlled Boundary Access Points
Effective Logging, Detection, and Alerting Capabilities
What Constitutes Effective Monitoring?
Operational Excellence for Security Controls
Superior Personal Supervision, Training, and Skills Management
High Assurance Identity Management
What Is High Assurance Identity Management?
Timely Incident Response and Resolution
Shared-Risk Environments
Hosted Objectives
Consumer Scenario
Limited/Controlled Host Access Points and Application Execution
Secure Host Operations
Excellence in Service Provider Management
Summary
Provider Scenario
Uncompromising Application Security
Exceptional Customer Data Isolation
Shared-Risk Mitigation
Superior Accountability
Summary
Hybrid Objectives
Consumer Objectives
Loosely Coupled Scenarios
Fully Coupled Scenarios
Fully Integrated Scenarios
Provider Objectives
Uncoupled Scenarios
Loosely Coupled Scenarios
Fully Coupled Scenarios
Fully Integrated Scenarios
Conclusion
9 Did You See That! (Observation)
Introduction
Observation Objectives
Observation Elements
Reconnaissance
Sentry
Physical Security
Event Detection
IT Security
Pattern Detection
Anomaly Detection
Intrusion Prevention Extensions
Resolution
Log-Based Detection
Alarming
Command
Summary
Drivers and Benefits for Excellence in Observation
Observation Challenges
Success Factors and Lessons Learned
Reconnaissance
Surveillance
CCTV Surveillance Lessons Learned
Physical Detectors Lessons Learned
IT System Security
IT System Security Lessons Learned
Excellence in Observation Control Objectives
Reconnaissance
Surveillance
Event Detectors
Pattern and Anomaly Detectors
Conclusion
10 Trust but Verify (Accountability)
Introduction
Unmatched Value of Accountability
Comprehensive Accountability Challenges
Identity Challenges
Audit Challenges
Best Uses for the Accountability Tactic
Comprehensive Accountability Identity Objectives
Identity Control Requirements for Accountability
Domain and Local Account Management
Name Collision
Name Collision Scenarios
Identity Retention
Identity Verification
Local System Accounts
Shared Accounts
Comprehensive Accountability Audit Objectives
Current State
Audit Requirements for Accountability
Domain and Local Audit Management
Complete
Temporal
Consistent
Relevant
Understandable
Simple
Sequential
Correlated
Tamperproof
Traceable
Retained
Conclusion
11 SDL and Incident Response
Introduction
Terms Used in This Chapter
Security Development Lifecycle (SDL) Overview
Security Incident Response Overview
Tactical Objectives
Elements of Application Development and Response
Application
Phase 1—Requirements
Phase 2—Design
Threat Modeling
Phase 3—Development
Phase 4—Verification
Phase 5—Release
Phase 6—Support/Service
(SDL)2—Software as a Service Extension (SaaS)
Security Development Lifecycle Drivers and Benefits
Security Development Lifecycle Challenges
SDL Success Factors and Lessons Learned
Application Control Objectives
Observation/Recognition
Passive Detection Control Objectives
Active Detection Control Objectives
Transition Objectives
Common Collection and Dispatch
Transition Drivers and Benefits
Transition Challenges
Transition Success Factors and Lessons Learned
Lessons Learned
Transition Control Objectives
Rapid Response
Incident Response Procedures
Automated Responses
Nonincident-Related Response Procedures (Reporting)
Reporting as a Response
Rapid Response Drivers and Benefits
Response Challenges
Response Success Factors and Lessons Learned
Response Control Objectives
Conclusion
12 Keep Your Enemies Closer
Introduction
Hire a Hacker Objectives
Offensive Objectives
How to Use This Tactic for Offense
Defensive Objectives
How to Use This Tactic for Defense
Summary
The Hire a Hacker Controversy
Success Factors and Lessons Learned
Control Objectives
Countering Insider Threats (Malicious Insider)
Competent Supervision
Supervisor Attributes
Trained
Observant
Enforcing
Cautious Hirer
Supervisory Attributes
Separation of Duties
Least Privilege
Isolated
Rotated
Rescreened
Forced Leave
Employee Screening
Background Checks
Identity Check
Preemployment Testing
Disqualification
Rescreening
Target Retaliation
Target Deception
Malicious Code Implantation
Isolated
Hardened
Malware Protected
Privilege Restricted/Execution Restricted
Scanned
Execution Reviewed
Code Reviewed
Conclusion
13 Hire a Hessian (Outsourcing)
Introduction
Security in the Outsourcing of IT Services
Outsourcing Pros—Benefits
Outsource Cons—Challenges
Success Factors and Lessons Learned
Outsourcing Control Objectives
Security in the Outsourcing of Security Services
Commonly Outsourced Services
Security Auditing
Penetration Testing, Vulnerability Assessment
Systems Monitoring
Facilities Monitoring
Incident Support
System Management/Administration
Security Officer Services
Outsourcing of Security Services Objectives
Challenges to Outsourcing Security Services
Success Factors and Lessons Learned
Outsourcing Security Services Control Objectives
Maintain the Confidentiality of Results
Prevent the Disclosure of Events
Preserving Evidence
Avoiding Retention/Discovery Liabilities
Elevated Privilege and Intellectual Property Loss
Conclusion
14 Security Awareness Training
Introduction
Staff Development Training
General Staff Security Training
Security Staff Training
Security Staff Training Requirements
Security Awareness Training
Awareness Training Objectives
Awareness Training Elements
Awareness Training Drivers and Benefits
Industry Training Trends and Best-Practices Examples
Training Resources
Awareness Training Challenges
Success Factors and Lessons Learned
How Do You Know if Your Training Is Successful?
Conclusion
References
Appendix
Physical Security Checklists